My experience with the new Defender for Individuals solution!

In case you missed the announcement last week, Microsoft has released a Defender for Individuals solution purpose-built for personal use. Now you can get the same great protection from Microsoft across your personal devices that you’re already (or should be) getting at work! Device protection extends across iOS, Android, macOS and Windows 10/11 and includes capabilities such as malware protection, web protection, real-time security notifications and security tips. This announcement coerced me into finally pulling the trigger on purchasing a Microsoft 365 family subscription this weekend. The family subscription is one of the two subscription options for getting started with Defender for Individuals. The following are notes on my rollout and my experience with Defender for Individuals thus far…

Pre-requisites

In order to enroll devices in Defender for Individuals, you will first need a Microsoft 365 personal or Microsoft 365 family subscription. A breakdown of all the included services, in either subscription, can be found here. You will also need devices that meet the following minimum criteria for the Microsoft Defender app:

  • Windows 10 version 19041.0 or later. Defender is not currently supported on ARM-based devices.
  • macOS: Intel Macs running Catalina 10.15 or later; Apple silicon-based devices running 11.2.3 or later. Disk space: 2 GB
  • iOS 13.0 or later
  • Android OS 6.0 and later

Once you have a subscription set up and devices that meet the criteria above, you’re ready to begin enrollment!

Setup

Enrolling devices in Defender for Individuals is as simple as downloading the Microsoft Defender app from your platform’s public app store and logging into the application with the LiveID account assigned to your Microsoft 365 family or personal subscription. You can have up to 5 total devices enrolled per person. Here’s the play-by-play in screenshot format from my iOS device after downloading the app from the app store and launching it for the first time:

First, select the appropriate Microsoft account with the family subscription…
All the time…

Defender uses the built-in VPN technology on iOS devices to route web traffic through the application for inspection. Just like Defender for Endpoint in the enterprise environment, iOS users need to allow this the first time Defender is set up on the endpoint.

Since this is a personal device, chances are lower that you might have another VPN profile pre-existing, but if you do, the two may conflict. I haven’t had a chance to test this out yet, but I’m imagining the same limitations will hold true where multiple VPN profiles cannot be active at the same time on an iOS device. See the Defender for Endpoint notes here.

That’s it! About 30 seconds of “next, next, finish” and my personal iPhone was enrolled and protected. My Surface was even easier to enroll. Here’s the play-by-play in screenshots for enrollment…

Install the Microsoft Defender app from the Microsoft Store.

Select the appropriate Microsoft account to login to…

 

My Microsoft Corporation is protected?! Huh… well, that’s not the name of my Surface device, so I assume this is a bug that needs to be fixed in the Microsoft Defender app…
I chose to share the security status since that’s one of the big benefits of this solution on your personal endpoints. I want to know when something malicious tries to execute on my personal devices just like at the enterprise level.
And that’s it! We are enrolled and protected.

Functionality Overview

As mentioned previously, device protection can be enabled for iOS, Android, macOS and Windows 10/11 devices. Depending on which platform you are using, the protection capabilities vary, at present. I wouldn’t be surprised if these are expanded in the future as new updates come out for the enterprise Defender for Endpoint product.

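| Feature            | Windows 10/11 | macOS | iOS | Android |
|--------------------|---------------|-------|-----|---------|
| Malware Protection | X             | X     |     | X       |
| Web Protection     | X             |       | X   | X       |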

If you’re wondering about the differences between Defender for Individuals and the Microsoft 365 Family Safety application, here’s a bit more explanation…

Microsoft Defender is a security app that protects devices with malware protection, web protection, real-time security notifications, and security tips. You can have either a Microsoft 365 personal or Microsoft 365 family subscription to leverage the solution.

Microsoft Family Safety is a solution to help families build better habits with digital and physical security safety features like screen time limits, content filters, online activity reports, and location sharing for family members. Really cool sidenote… Some capabilities of Microsoft Family Safety solution are free for everyone to use! I’ll be performing a write-up on the Family Safety solution in the near future…

Once a device is enrolled, you can see the activity of the device within the Defender app. Here’s what that looks like on my iOS device…

as well as the current state of other enrolled devices…

Here’s the Defender app home screen from my Surface…

It’s important to note that I didn’t have a pre-existing third-party anti-malware solution on either endpoint. If you do, it seems that Microsoft Defender will hand off those protections to the third-party app and not take over any workloads the other solution is actively protecting today. I don’t have the ability to test this at present. I’d be curious if the remaining features of Microsoft Defender are worth it if you are already paying for another solution’s malware protection.

I ran a test virus file from the Defender for Endpoint testing guides. This was a block at first sight test so the file was not detected as known malicious at download, but only once I executed it on the endpoint. It triggered Windows Defender and quarantined as expected. Here’s what the Microsoft Defender app looked like immediately after execution of the test…

Once Windows Defender fully quarantined the file, the home screen went back to protected and I could see the event in the history of the Microsoft Defender app…

I didn’t receive an alert on any of my enrolled devices like I expected. The alerts page shows nothing so I’m wondering if alerts are only generated when Windows Defender cannot take action against a malicious detection or the device is in a needs attention state for a minimum amount of time?
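When the app shows no alert, the detection can still be confirmed on the Windows device itself, along with the settings a block at first sight test depends on. The following is an added example, not part of the original post; it assumes a Windows 10/11 device with the built-in Defender PowerShell module and an elevated PowerShell session.

```powershell
# Added example: check block-at-first-sight prerequisites and list recent
# detections on a Windows 10/11 device using the built-in Defender cmdlets.

$pref   = Get-MpPreference
$status = Get-MpComputerStatus

# Block at first sight depends on real-time protection, scanning of downloads,
# cloud-delivered protection (MAPS) and automatic sample submission.
$checks = [ordered]@{
    'Real-time protection enabled'      = $status.RealTimeProtectionEnabled
    'Download (IOAV) scanning enabled'  = $status.IoavProtectionEnabled
    'Cloud protection (MAPS) enabled'   = ($pref.MAPSReporting -in 1, 2)
    'Automatic sample submission'       = ($pref.SubmitSamplesConsent -in 1, 3)
    'Block at first sight not disabled' = (-not $pref.DisableBlockAtFirstSeen)
}
$checks.GetEnumerator() | ForEach-Object {
    '{0,-36} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'CHECK' })
}

# Map threat IDs to names so the detection list is readable.
$names = @{}
Get-MpThreat | ForEach-Object { $names[$_.ThreatID] = $_.ThreatName }

# List detections recorded in the last 24 hours, oldest first.
Get-MpThreatDetection |
    Where-Object { $_.InitialDetectionTime -gt (Get-Date).AddDays(-1) } |
    Sort-Object InitialDetectionTime |
    Select-Object InitialDetectionTime,
        @{ Name = 'Threat';    Expression = { $names[$_.ThreatID] } },
        ActionSuccess,
        @{ Name = 'Resources'; Expression = { $_.Resources -join '; ' } } |
    Format-List
```

Any line marked CHECK points at a setting that would keep a block at first sight test from behaving as described, and an empty detection list means Windows Defender recorded nothing in the last day.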

I did some searching for documentation but could only turn up basic articles about the functionality and enrolling. It simply states “real-time alerts on changes to your and your family’s security status”. I did expect to receive something just letting me know that there was a detection so I could follow up. Perhaps it’s because I am the family organizer and the event occurred on one of my devices? Seems odd since it says “your” in the product description. I’m going to continue to play around with the solution more and will post any pertinent updates.